1250 matches found
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting author: Shivam...
Aquatronica Controller System <= 5.1.6 - Information Disclosure
Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...
EUVD-2026-39778
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-56069
This CVE concerns the WordPress Toolset Forms plugin (versions up to 2.6.24). The issue is an Unauthenticated Insecure Direct Object Reference (IDOR) in Toolset Forms, allowing access to objects without authentication. The CVSS 3.1 vector indicates network attack, low attack complexity, no privil...
EUVD-2026-39385
Contributor Broken Access Control in Slim SEO = 4.6.2 versions...
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
Astra Linux - Vulnerability in libjdom1-java, libjdom2-java
An XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...
EUVD-2026-37593
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
EUVD-2026-37672
Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...
CVE-2025-69174
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
CVE-2025-69127
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
EUVD-2026-37708
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...
CVE-2026-35274
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Deployment Package). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2026-39589 WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions...
EUVD-2026-36923
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...
CVE-2026-42639
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-39447
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...